Information Security and Technology Risk Manager

About The Position

Requirements

• Bachelor’s degree in computer science, engineering, MIS, information assurance, or a related field preferred. Equivalent professional experience will be considered.
• Professional skepticism, sound judgment, and a steady temperament, with strong analytical and communication skills; able to identify emerging risks, distill complex issues, and engage effectively across all levels of the organization.
• Self-directed and highly organized, with strong project management skills and the ability to prioritize competing demands within defined SLAs.
• 3+ years of experience in Technology Risk, IT Audit, Information Security, risk advisory, or related field, with practical knowledge of security principles and risk management.
• Familiarity with information security and technology frameworks and industry best practices, such as FFIEC, ISO, NIST, COBIT, ITIL, SOX, SOC 1/SOC 2, or COSO.
• Financial Services or Banking experience preferred.

Nice To Haves

• Interest in or exposure to AI tools and workflow automation for risk management processes is a plus.
• Big 4 IT audit, risk advisory, or technology consulting experience is highly valued.
• CISSP, CRISC, CISA, CISM, or CCSP certifications a plus.

Responsibilities

• Support oversight and credible challenge activities by leading the review of risks and impacts identified by 1st line control owners and providing independent assessments to senior management.
• Review and assess Information Security and Technology policies and standards, formulating observations and actionable recommendations for management.
• Collaborate with business partners to develop, maintain, and refine Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) for Information Security and Technology risk.
• Conduct risk assessments, deep dives, and gap analyses and document findings and identified control enhancement opportunities, including Risk and Control Self-Assessment (RCSA) validation.
• Track remediation plans for risk events and issues; coordinate with action owners to collect and evaluate remediation evidence and report progress to management.
• Support and present to governance committees, management, and business partners by preparing materials, delivering analysis, and driving follow-up actions.
• Develop an understanding of business processes and objectives to independently identify opportunities to strengthen the control environment.
• Provide review and challenge to Non-Financial Risk framework initiatives, such as Internal Control Testing and Scenario Analysis, by performing assigned analyses and documentation tasks.
• Identify opportunities to leverage AI, automation, and emerging technologies to streamline risk management workflows, including evidence collection, risk reporting, control testing, and remediation tracking; evaluate and recommend tools and approaches with appropriate governance considerations.
• Maintain awareness of Information Security, Technology, AI governance, and regulatory developments and escalate relevant observations to management for discussion, support outreach, communication, and training efforts across business lines.

Benefits

• In addition to salary and a generous employee benefits package, including Medical, Dental and 401K plans, successful candidates are also eligible to receive a discretionary bonus.